ragcode-memory

Pass

Audited by Gen Agent Trust Hub on Jul 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill instructions in SKILL.md include a specific security rule that forbids the storage of secrets such as API keys, passwords, and tokens in the shared memory layer.
  • [SAFE]: The installation procedures in README.md refer to official tools and repositories from the vendor 'MarshallEriksen-Neura', such as the 'ragcode-context-engine' package and the 'ragcode-skills' bundle.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data (memories, feedback, decisions) that may be influenced by untrusted users or other agents.
  • Ingestion points: The agent ingests external data through the 'memory_query' and 'memory_list' tools, as well as via the 'memorySnippets' and 'memoryHints' fields in tool outputs.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded directives within the memory content are provided in the prompt.
  • Capability inventory: The agent's capabilities are limited to interacting with the RagCode MCP server (read, write, delete); it does not have access to subprocess execution or direct file system writes.
  • Sanitization: There is no evidence of content validation or sanitization for the retrieved memory data in the skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 17, 2026, 09:42 AM